Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Code became much more useful once hooks made it follow my workflow instead of starting from scratch every session.
If you use hvsrpy in your research or consulting, we ask that you please cite the following: Vantassel, J.P. (2025). "hvsrpy: An Open‐Source Python Package for ...